MACRO R6 exe Trojan Gen 文件恶意软件分析: c0e5b07cbf2d02c54f39ce6aad676dc7

MACRO R6.exe Trojan Gen 分析

更新于 2 months ago

检查者 Malaware Check

MACRO R6.exe

哈希类型	值	操作
MD5	c0e5b07cbf2d02c54f39ce6aad676dc7
SHA1	4100b839d867b252ffa991f91fb9e403b8e41256
SHA256	0198b7c285a13c98123bbcf85d1b072bcc00f225f6d30867f4ab3be1ea927da8
SHA512	7e87ca707772bcfd2121f350a001c36a5eda420e39f4612ef2d36f0b00734837bf5435421a1f005bf88ce4c6f83c79f10c46e8f7d9a793b9f970f88b8a64d87f
ImpHash	d9d89a540ccdbb6ae8951f49668ccb3f

哈希类型

值

操作

MD5

c0e5b07cbf2d02c54f39ce6aad676dc7

SHA1

4100b839d867b252ffa991f91fb9e403b8e41256

SHA256

0198b7c285a13c98123bbcf85d1b072bcc00f225f6d30867f4ab3be1ea927da8

SHA512

7e87ca707772bcfd2121f350a001c36a5eda420e39f4612ef2d36f0b00734837bf5435421a1f005bf88ce4c6f83c79f10c46e8f7d9a793b9f970f88b8a64d87f

ImpHash

d9d89a540ccdbb6ae8951f49668ccb3f

PE 分析

基本信息

▼

图标	哈希: e0cb087695e0e7a87d612029549ba9cf 模糊: 2f26a13d710fb4ee3dc0c8ddd37f2645 dHash: 00334d4d2b8e4d2a
映像基址	`0x00400000`
入口点	`0x004f0ee8`
编译时间	2019-08-29 16:15:30
校验和	0x00000000 (实际: 0x001e053d)
操作系统版本	5.0
PEiD 签名	`PE32 executable (GUI) Intel 80386, for MS Windows`
数字签名	No valid SignedData structure was found.
导入	11 库
导出	0 函数
资源	60 资源
节	10 节

版本信息

▼

CompanyName	Valve Corporation
FileDescription	Steam Client Bootstrapper
FileVersion	1.0.0.1
InternalName	steamcmd
LegalCopyright	Copyright (C) 2010 Valve Corporation
LegalTrademarks
OriginalFilename	steam.exe
ProductName	Steam Client Bootstrapper
ProductVersion	1.0.0.0
Comments
Translation	0x0409 0x04e4

PE 节

▼

名称	虚拟地址	虚拟大小	原始大小	熵	特征	MD5
`.text`	`0x00001000`	975,440 bytes	975,872 bytes	6.51 (压缩)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`0B0D3477F81FBCDB7E351BEC5DC7FD60`
`.itext`	`0x000f0000`	3,928 bytes	4,096 bytes	6.05 (正常)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`BE92FDBC8C2D4BFCD659356617210538`
`.data`	`0x000f1000`	26,732 bytes	27,136 bytes	6.02 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`42BEF51D694018618D6678AFC246F70B`
`.bss`	`0x000f8000`	22,268 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x000fe000`	12,996 bytes	13,312 bytes	5.21 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`C679857E9BCBCC793029EF4CA1DA82D1`
`.didata`	`0x00102000`	806 bytes	1,024 bytes	3.33 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`0B33D2418C11C274EEBEBAD860A8CFB3`
`.tls`	`0x00103000`	60 bytes	0 bytes	0.00 (正常)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x00104000`	24 bytes	512 bytes	0.21 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`D6A2B773BED77F9E3FF2515AF9F9BF99`
`.reloc`	`0x00105000`	77,740 bytes	77,824 bytes	6.70 (压缩)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`8F7C6F01E0E5201476F7AC71386FE713`
`.rsrc`	`0x00118000`	806,400 bytes	806,400 bytes	2.02 (正常)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`20FA1EE8EF5A8761A92E1B8C8260715B`

熵分析警报

2 检测到较高熵（≥6.5）的节 - 可能存在压缩

资源分析

▼

资源总数: 60 (802,852 字节)

资源类型	数量	总大小	百分比
RT_CURSOR	7	2,156 字节	0.3%
RT_BITMAP	12	4,964 字节	0.6%
RT_ICON	6	369,968 字节	46.1%
RT_STRING	21	17,828 字节	2.2%
RT_RCDATA	4	406,123 字节	50.6%
RT_GROUP_CURSOR	7	140 字节	0%
RT_GROUP_ICON	1	90 字节	0%
RT_VERSION	1	860 字节	0.1%
RT_MANIFEST	1	723 字节	0.1%

证书链分析

▼

无数字签名

此文件未进行数字签名。

安全影响:

无法验证发布者的身份
运行此文件时安全风险增加
可能在某些系统上触发安全警告

⚠ 此文件缺少数字签名或证书链无法验证。
执行来自未知来源的未签名文件时请谨慎。

证书验证状态

No valid SignedData structure was found.

建议: 验证文件来源并确保它来自可信的发布者.

发表评论

文件名	MACRO R6.exe
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
扫描器版本	1.0.211.174
数据库版本	2025-03-27 00:01:13 UTC

MACRO R6.exe Trojan Gen 分析

技术分析

Trojan.Win32.Gen.cl

扫描另一个文件

文件识别